From: Clemens Fischer
To: freebsd-ipfw@freebsd.org
Date: Sat, 14 Feb 2004 13:11:12 +0100
Subject: Re: Strange leakage of private source addresses w/ipfw and natd
References: <3F833434.5090506@tenebras.com> <020201c39c6e$5f0fea40$080ba8c0@admin>
List-Id: IPFW Technical Discussions

* 2003-10-27 freebsd@dwec.ru:

> Ok, maybe not THAT important but definitely a Bad Surprise. Here's
> the sample (and in current configuration only ICMP packets from time
> to time are being passed through unaltered):
>
> snort: [1:0:0] POSSIBLE address leakage - ICMP {ICMP} 192.168.5.2 ->
> 208.115.104.193
> [**] POSSIBLE address leakage - ICMP [**]

ICMP is connectionless, so anybody can ping/traceroute/whatever your
machine if you don't block those private IPs, and this is what people
usually do.

clemens
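
One way to block packets that still carry a private source address on the way out, added here as an example and not taken from the thread: the script prints ipfw deny rules for the RFC 1918 ranges, to be numbered after the existing natd divert rule so they only match packets natd left untranslated. The interface name fxp0, the rule numbers and the function name egress_rules are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit ipfw rules that drop and log any
# packet leaving the external interface with an RFC 1918 source address.
#
# Assumption: the ruleset already has a "divert natd" rule on the external
# interface. After natd re-injects a packet, ipfw resumes at the next rule
# number, so these rules must be numbered ABOVE the divert rule. Placed
# before it they would drop all LAN traffic before translation.

RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# egress_rules OIF FIRST_NUM
#   OIF        external interface name (hypothetical default: fxp0)
#   FIRST_NUM  first rule number to use, greater than the divert rule's
egress_rules() {
    oif=$1
    num=$2
    for net in $RFC1918; do
        # "out xmit" restricts the match to packets being sent on OIF;
        # "log" records each drop (needs net.inet.ip.fw.verbose=1).
        echo "add ${num} deny log ip from ${net} to any out xmit ${oif}"
        num=$((num + 10))
    done
}

# Print the rules. ipfw accepts a file of commands without the "ipfw" prefix:
#   sh egress.sh fxp0 60 > /tmp/egress.rules && ipfw -q /tmp/egress.rules
egress_rules "${1:-fxp0}" "${2:-60}"
```

With these rules in place, a packet like the 192.168.5.2 ICMP one in the snort alert is dropped and logged at the gateway instead of reaching the outside network.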